CVE-2018-10628

Name of the Vulnerable Software and Affected Versions AVEVA InTouch 2014 R2 SP1 and prior AVEVA InTouch 2017 AVEVA InTouch 2017 Update 1 AVEVA InTouch 2017 Update 2

Description The issue is caused by a buffer overflow in the stack due to inadequate input processing. This allows an unauthenticated user to send a specially crafted packet, potentially leading to remote code execution under the privileges of the InTouch View process.

Recommendations For AVEVA InTouch 2014 R2 SP1 and prior, consider disabling the vulnerable input processing functionality until a patch is available. For AVEVA InTouch 2017, restrict access to the InTouch View process to minimize the risk of exploitation. For AVEVA InTouch 2017 Update 1, avoid using the vulnerable packet processing functionality in the InTouch View process until the issue is resolved. For AVEVA InTouch 2017 Update 2, as a temporary workaround, consider restricting the privileges of the InTouch View process to prevent potential code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.